A key management system (KMS) is a store of secrets. A secret typically has a public ID, a guarded value and a policy controlling who can obtain the value. In some cases, the secret may also have an expiration date and other metadata, and so on. In a typical use case, a requestor authenticates to a KMS, establishes a secure channel, requests the secret value by providing the secret ID, and expects the KMS to return to it the plaintext secret value. The value is protected from unauthorized eavesdropping and tampering by the secure channel between the requestor and the KMS.
A Trusted Execution Environment (TrEE), as used herein, can include any one of: a virtual secure mode (VSM) trustlet, an SGX application, an ARM TrustZone application or some other similar vehicle. There are some unique properties that TrEEs generally have in common. A TrEE will generally have a full crypto stack (in other words, one can assume a wide variety of cryptographic primitives across the entire spectrum, from secure random number generation to a full menu of hashing, encryption and signing libraries using secret keys). A TrEE will also generally have or be associated with few or limited I/O facilities, typically limited to a request driven architecture where requests are initiated by the untrusted “outside world”. For example, a VSM trustlet may use unauthenticated Remote Procedure Calls (RPCs). TrEEs may also have access to key material or data that is unavailable outside of TrEE. This allows a TrEE, among other things, to store data using untrusted I/O and then read it back, assuring tamper-resistance and confidentiality of state. A TrEE will also generally have or be associated with attestable code, configuration and key material. In particular, attestable key material allows the TrEE to receive messages encrypted to it from 3rd parties and sign messages to 3rd parties as coming from the TrEE.
As with other applications, the use of a KMS with a TrEE may present security limitations. Accordingly, improvements can be made to improve security utilizing keys sourced from a KMS with or in TrEEs.